diff --git a/pgroonga/migrations/0003_v2_api_upgrade.py b/pgroonga/migrations/0003_v2_api_upgrade.py
index 49ae5d3cc4..71c8c5d7b2 100644
--- a/pgroonga/migrations/0003_v2_api_upgrade.py
+++ b/pgroonga/migrations/0003_v2_api_upgrade.py
@@ -11,24 +11,28 @@ class Migration(migrations.Migration):
     database_setting = settings.DATABASES["default"]
     operations = [
-        migrations.RunSQL(["""
-ALTER ROLE %(USER)s SET search_path TO %(SCHEMA)s,public;
+        migrations.RunSQL([("""
+DO $$BEGIN
+EXECUTE format('ALTER ROLE %%I SET search_path TO %%L,public', %(USER)s, %(SCHEMA)s);
 SET search_path = %(SCHEMA)s,public;
 DROP INDEX zerver_message_search_pgroonga;
-""" % database_setting, """
+END$$
+""", database_setting), """
 CREATE INDEX CONCURRENTLY zerver_message_search_pgroonga ON zerver_message
   USING pgroonga(search_pgroonga pgroonga_text_full_text_search_ops_v2);
 """],
-                          ["""
-ALTER ROLE %(USER)s SET search_path TO %(SCHEMA)s,public,pgroonga,pg_catalog;
+                          [("""
+DO $$BEGIN
+EXECUTE format('ALTER ROLE %%I SET search_path TO %%L,public,pgroonga,pg_catalog', %(USER)s, %(SCHEMA)s);
 SET search_path = %(SCHEMA)s,public,pgroonga,pg_catalog;
 DROP INDEX zerver_message_search_pgroonga;
-""" % database_setting, """
+END$$
+""", database_setting), """
 CREATE INDEX CONCURRENTLY zerver_message_search_pgroonga ON zerver_message
   USING pgroonga(search_pgroonga pgroonga.text_full_text_search_ops);
diff --git a/tools/semgrep.yml b/tools/semgrep.yml
index 94982715ed..2841b08f74 100644
--- a/tools/semgrep.yml
+++ b/tools/semgrep.yml
@@ -74,6 +74,8 @@ rules:
       - pattern: psycopg2.sql.SQL(... .format(...))
       - pattern: django.db.migrations.RunSQL(..., ... % ..., ...)
       - pattern: django.db.migrations.RunSQL(..., "..." .format(...), ...)
+      - pattern: django.db.migrations.RunSQL(..., [..., ... % ..., ...], ...)
+      - pattern: django.db.migrations.RunSQL(..., [..., "..." .format(...), ...], ...)
     severity: ERROR
     message: "Do not write a SQL injection vulnerability please"
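Review bot: The new `DO $$…$$` blocks rely on two stacked quoting layers that the hunk does not explain: psycopg2 first rewrites `%%I`/`%%L` to `%I`/`%L` and substitutes `%(USER)s`/`%(SCHEMA)s` as quoted literals, and only then does PostgreSQL's `format()` quote those values as an identifier and a literal, which is what removes the raw interpolation the old `% database_setting` lines had. A future edit that drops one `%` or pastes `%(SCHEMA)s` straight into the `format()` string would silently undo that, so a comment above each `migrations.RunSQL(` is worth adding: `# Two quoting layers: psycopg2 substitutes %(USER)s/%(SCHEMA)s as quoted literals (and %% -> %); PostgreSQL's format() then quotes them as identifier (%I) / literal (%L). Keep both.` The same note applies to the reverse `DO` block later in the hunk. The `SET search_path = %(SCHEMA)s,public` line now receives the schema as a quoted literal, which search_path accepts, so it looks fine as written. The enclosing `operations` list continues past the visible hunk, whose trailing context appears cut off in this view.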
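Review bot: The two added list patterns catch a bare `... % ...` or `"..." .format(...)` element, but the shape this same commit introduces in the migration is a tuple inside the list, `[("""…""", database_setting)]`, and if semgrep's list `...` does not descend into tuple elements, a `%` or `.format(...)` applied to the string inside such a tuple would slip past the rule. If that is the case, adding `- pattern: django.db.migrations.RunSQL(..., [..., (... % ..., ...), ...], ...)` and the matching `(... .format(...), ...)` variant closes the gap. The rule's id and the rest of its pattern list are outside the hunk.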